Nation-State Actor
Salt Typhoon
China • Active since 2020
Salt Typhoon hacked major US phone companies and got access to the wiretapping systems. This means they could potentially see who the US government was monitoring and spy on those communications.
Overview
Salt Typhoon is a Chinese state-sponsored threat group that has compromised US telecommunications providers. They have gained access to lawful intercept systems and communications metadata.
Also Known As
GhostEmperor, FamousSparrow
Target Industries
Telecommunications, Government, Critical Infrastructure
Target Regions
United States, Southeast Asia
Tactics, Techniques & Procedures
- Telecom infrastructure targeting
- CALEA/lawful intercept compromise
- Kernel-mode rootkits
- Long-term persistence
- Metadata collection
Known Tools & Malware
Demodex rootkit, Custom implants, GhostEmperor tools
Notable Campaigns
US Telecom Compromise (2024)
Compromised major US telecom providers including AT&T and Verizon.
Lawful Intercept Access (2024)
Gained access to CALEA wiretap systems.
MITRE ATT&CK Techniques
T1190, T1014, T1557, T1040, T1078
Defense Recommendations
1. Audit telecom infrastructure access
2. Implement enhanced logging for intercept systems
3. Deploy rootkit detection